This may be obvious to most experienced developers,but just in case its not,when using preg_grep to check for whitelisted items ,one must be very careful to explicitly define the regex boundaries or it will fail<?php$whitelist = ["home","dashboard","profile","group"];$possibleUserInputs = ["homd","hom","ashboard","settings","group"];foreach($possibleUserInputs as $input){ if(preg_grep("/$input/i",$whitelist) { echo $input." whitelisted"; }else{ echo $input." flawed"; }

I think this is because if boundaries are not explicitly defined,preg_grep looks for any instance of the substring in the whole array and returns true if found.This is not what we want,so boundaries must be defined.

}?>this results in:homd flawedhom flawedashboard flawedsettings flawedgroup whitelistedin_array() will also give the latter results but will require few tweaks if say,the search is to be case insensitive,which is always the case 70% of the time